<!DOCTYPE html>
<html lang="en" xmlns:th="http://www.thymeleaf.org" th:replace="~{fragments/layout :: layout(~{::title}, ~{::section})}">
<head>
    <title th:text="#{permissions.title}">Permissions - SnackMQ Console</title>
</head>
<body>
<section>
    <!--/* Page heading plus the two buttons that open the create-user and create/update-role modals defined further down. */-->
    <div class="d-flex justify-content-between flex-wrap flex-md-nowrap align-items-center pt-3 pb-2 mb-3 border-bottom gap-2">
        <h4 class="h4 mb-0" th:text="#{permissions.user.role.management}">User and Role Management</h4>
        <div class="btn-toolbar mb-2 mb-md-0 gap-2">
            <button type="button"
                    class="btn btn-sm btn-outline-primary me-2"
                    data-bs-toggle="modal"
                    data-bs-target="#createUserModal"
                    th:text="#{permissions.create.user}">Create User</button>
            <button type="button"
                    class="btn btn-sm btn-outline-success"
                    data-bs-toggle="modal"
                    data-bs-target="#createRoleModal"
                    th:text="#{permissions.create.update.role}">Create/Update Role</button>
        </div>
    </div>

    <!--/* Error banner, rendered only when the model carries an error. th:text HTML-escapes the message; keep it th:text (not th:utext) because the text may echo request input. */-->
    <div class="alert alert-danger"
         role="alert"
         th:if="${error}"
         th:text="${error}"></div>

    <div class="row g-4">
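        <!-- Users Table -->
        <div class="col-md-6">
            <h5 th:text="#{permissions.users}">Users</h5>
            <div class="table-responsive">
                <table class="table table-sm table-striped shadow-sm border-0 rounded">
                    <thead>
                    <tr>
                        <th scope="col" th:text="#{permissions.username}">Username</th>
                        <th scope="col" th:text="#{permissions.roles}">Roles</th>
                        <!--/* Actions column: holds the per-user delete form. */-->
                        <th scope="col" th:text="#{permissions.actions}">Actions</th>
                    </tr>
                    </thead>
                    <tbody>
                    <tr th:each="user : ${users}">
                        <!--/* Usernames and role names are written with th:text, which HTML-escapes them on output. */-->
                        <td th:text="${user.username}"></td>
                        <td>
                            <span th:each="role : ${user.roles}" th:text="${role}" class="badge bg-secondary me-1"></span>
                        </td>
                        <td>
                            <!--/*
                                Delete-user form and button.
                                The th:if below only hides the form for the accounts named 'admin' and
                                'test-admin'. It is a display rule, not an access control: the hidden
                                "username" field is client-controlled, so the handler behind
                                /permissions/users/delete has to refuse those accounts itself and check
                                the caller's authorization (handler not visible in this template).
                                NOTE(review): 'test-admin' looks like a test account that is treated as
                                protected; confirm it is meant to exist in production deployments.
                                NOTE(review): if this console runs under Spring Security, th:action is
                                what lets the CSRF hidden field be added to this POST form; confirm
                                CSRF protection is enabled for the delete endpoint.
                            */-->
                            <!--/*
                                The confirmation text is carried in a data attribute and read by a
                                fixed handler. Concatenating the message into the script source would
                                let a quote or backslash in any translation break, or change, the
                                generated JavaScript.
                            */-->
                            <form th:if="${user.username != 'admin' && user.username != 'test-admin'}"
                                  th:action="@{/permissions/users/delete}" method="post" class="d-inline"
                                  th:data-confirm-message="#{permissions.confirm.delete.user}"
                                  onsubmit="return confirm(this.dataset.confirmMessage);">
                                <input type="hidden" name="username" th:value="${user.username}" />
                                <button type="submit" class="btn btn-danger btn-sm py-0 px-2" th:text="#{common.delete}">Delete</button>
                            </form>
                        </td>
                    </tr>
                    <tr th:if="${#lists.isEmpty(users)}">
                        <!--/* colspan matches the three columns declared in the header row. */-->
                        <td colspan="3" class="text-center" th:text="#{permissions.no.users}">No users found.</td>
                    </tr>
                    </tbody>
                </table>
            </div>
        </div>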

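        <!-- Roles Table -->
        <div class="col-md-6">
            <h5 th:text="#{permissions.roles.permissions}">Roles &amp; Permissions</h5>
            <!--/* One accordion item per role; heading and panel ids are derived from the loop index so they stay unique on the page. */-->
            <div class="accordion" id="rolesAccordion">
                <div th:each="role, iter : ${roles}" class="accordion-item">
                    <h2 class="accordion-header" th:id="'heading' + ${iter.index}">
                        <button class="accordion-button collapsed" type="button" data-bs-toggle="collapse" th:data-bs-target="'#collapse' + ${iter.index}" aria-expanded="false" th:aria-controls="'collapse' + ${iter.index}">
                            <strong th:text="${role.roleName}"></strong>
                        </button>
                    </h2>
                    <div th:id="'collapse' + ${iter.index}" class="accordion-collapse collapse" th:aria-labelledby="'heading' + ${iter.index}" data-bs-parent="#rolesAccordion">
                        <div class="accordion-body">
                            <div class="d-flex justify-content-end mb-2">
                                <!--/*
                                    Delete-role form and button.
                                    The th:if below only hides the form for the role named 'admin-role'.
                                    It is a display rule, not an access control: the hidden "roleName"
                                    field is client-controlled, so the handler behind
                                    /permissions/roles/delete has to refuse that role itself and check
                                    the caller's authorization (handler not visible in this template).
                                    NOTE(review): confirm what the handler does with users that still
                                    hold the deleted role.
                                */-->
                                <!--/*
                                    The confirmation text is carried in a data attribute and read by a
                                    fixed handler. Concatenating the message into the script source
                                    would let a quote or backslash in any translation break, or change,
                                    the generated JavaScript.
                                */-->
                                <form th:if="${role.roleName != 'admin-role'}"
                                      th:action="@{/permissions/roles/delete}" method="post" class="d-inline"
                                      th:data-confirm-message="#{permissions.confirm.delete.role}"
                                      onsubmit="return confirm(this.dataset.confirmMessage);">
                                    <input type="hidden" name="roleName" th:value="${role.roleName}" />
                                    <button type="submit" class="btn btn-outline-danger btn-sm" th:text="#{permissions.delete.this.role}">Delete This Role</button>
                                </form>
                            </div>
                            <ul class="list-group list-group-flush">
                                <!--/* Each permission is shown as text built from its action, resource type and resource name; th:text escapes the result. */-->
                                <li th:each="perm : ${role.permissions}" class="list-group-item d-flex justify-content-between align-items-center">
                                    <span th:text="${'Action: ' + perm.action + ', Resource: ' + perm.resourceType + ' ' + perm.resourceName}"></span>
                                </li>
                                <li th:if="${#lists.isEmpty(role.permissions)}" class="list-group-item" th:text="#{permissions.no.permissions.assigned}">No permissions assigned.</li>
                            </ul>
                        </div>
                    </div>
                </div>
                <div th:if="${#lists.isEmpty(roles)}" class="text-center p-3" th:text="#{permissions.no.roles}">No roles found.</div>
            </div>
        </div>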
    </div>

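    <!-- Create User Modal -->
    <!--/*
        Posts username, password and the selected role names to /permissions/users/create.
        The "required" attributes are browser-side hints only. The handler must validate the
        username, apply the password policy, check that every submitted role exists and that
        the caller may grant it, and store the password hashed (handler not visible in this
        template).
        NOTE(review): if this console runs under Spring Security, th:action is what lets the
        CSRF hidden field be added to this POST form; confirm CSRF protection is enabled.
    */-->
    <div class="modal fade" id="createUserModal" tabindex="-1" aria-labelledby="createUserModalLabel" aria-hidden="true">
        <div class="modal-dialog">
            <div class="modal-content">
                <form th:action="@{/permissions/users/create}" method="post">
                    <div class="modal-header">
                        <h5 class="modal-title" id="createUserModalLabel" th:text="#{permissions.create.new.user}">Create New User</h5>
                        <button type="button" class="btn-close" data-bs-dismiss="modal" aria-label="Close"></button>
                    </div>
                    <div class="modal-body">
                        <!--/*
                            The autocomplete hints stop the browser from filling the operator's own
                            saved login into the new account: "off" on the username and
                            "new-password" on the password field.
                        */-->
                        <div class="mb-3">
                            <label for="username" class="form-label" th:text="#{permissions.username}">Username</label>
                            <input type="text" class="form-control" id="username" name="username" autocomplete="off" required>
                        </div>
                        <div class="mb-3">
                            <label for="password" class="form-label" th:text="#{permissions.password}">Password</label>
                            <input type="password" class="form-control" id="password" name="password" autocomplete="new-password" required>
                        </div>
                        <div class="mb-3">
                            <label for="roles" class="form-label" th:text="#{permissions.assign.roles}">Assign Roles</label>
                            <!--/* The option list is a convenience; the submitted "roles" values are client-controlled and need a server-side check. */-->
                            <select multiple class="form-select" id="roles" name="roles">
                                <option th:each="role : ${roles}" th:value="${role.roleName}" th:text="${role.roleName}"></option>
                            </select>
                            <div class="form-text" th:text="#{permissions.select.multiple.roles}">Hold Ctrl/Cmd to select multiple roles.</div>
                        </div>
                    </div>
                    <div class="modal-footer">
                        <button type="button" class="btn btn-secondary" data-bs-dismiss="modal" th:text="#{common.cancel}">Close</button>
                        <button type="submit" class="btn btn-primary" th:text="#{permissions.create.user}">Create User</button>
                    </div>
                </form>
            </div>
        </div>
    </div>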

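    <!-- Create/Update Role Modal -->
    <!--/*
        Posts roleName plus one permission (action, resourceType, resourceName) to
        /permissions/roles/create. Per the note shown in the dialog, saving overwrites all
        existing permissions of the named role.
        NOTE(review): nothing in this form prevents submitting the name of a built-in role
        such as 'admin-role'; confirm the handler rejects or specially handles that case,
        and that it checks the caller's authorization.
        NOTE(review): the select lists are a convenience only. The handler must validate
        action and resourceType against the allowed values and validate resourceName, since
        all three are client-controlled.
    */-->
    <div class="modal fade" id="createRoleModal" tabindex="-1" aria-labelledby="createRoleModalLabel" aria-hidden="true">
        <div class="modal-dialog">
            <div class="modal-content">
                <form th:action="@{/permissions/roles/create}" method="post">
                    <div class="modal-header">
                        <h5 class="modal-title" id="createRoleModalLabel" th:text="#{permissions.create.update.role}">Create or Update Role</h5>
                        <button type="button" class="btn-close" data-bs-dismiss="modal" aria-label="Close"></button>
                    </div>
                    <div class="modal-body">
                        <p class="form-text" th:text="#{permissions.overwrite.note}">Note: This will overwrite all existing permissions for the given role.</p>
                        <div class="mb-3">
                            <label for="roleName" class="form-label" th:text="#{permissions.role.name}">Role Name</label>
                            <input type="text" class="form-control" id="roleName" name="roleName" required>
                        </div>
                        <hr>
                        <h6 th:text="#{permissions.add.permission}">Add a Permission</h6>
                        <div class="mb-3">
                            <label for="action" class="form-label" th:text="#{permissions.action}">Action</label>
                            <!--/* Options come from the "actions" model attribute; the label is the result of name() on each entry. */-->
                            <select class="form-select" id="action" name="action" required>
                                <option th:each="act : ${actions}" th:value="${act}" th:text="${act.name()}"></option>
                            </select>
                        </div>
                        <div class="mb-3">
                            <label for="resourceType" class="form-label" th:text="#{permissions.resource.type}">Resource Type</label>
                            <!--/* Resource types are hard-coded here (EXCHANGE is the most recent addition); keep the list in step with what the server accepts. */-->
                            <select class="form-select" id="resourceType" name="resourceType" required>
                                <option value="TOPIC">TOPIC</option>
                                <option value="EXCHANGE">EXCHANGE</option>
                                <option value="CONSUMER_GROUP">CONSUMER_GROUP</option>
                                <option value="CLUSTER">CLUSTER</option>
                            </select>
                        </div>
                        <div class="mb-3">
                            <label for="resourceName" class="form-label" th:text="#{permissions.resource.name}">Resource Name</label>
                            <input type="text" class="form-control" id="resourceName" name="resourceName" th:placeholder="#{permissions.resource.name.placeholder}" required>
                        </div>
                    </div>
                    <div class="modal-footer">
                        <button type="button" class="btn btn-secondary" data-bs-dismiss="modal" th:text="#{common.cancel}">Close</button>
                        <button type="submit" class="btn btn-primary" th:text="#{permissions.save.role}">Save Role</button>
                    </div>
                </form>
            </div>
        </div>
    </div>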
</section>
<!--/* NOTE(review): the root html element carries th:replace and hands only ::title and ::section to the layout fragment. This include sits outside both, so it is presumably discarded at render time; confirm that the layout loads permissions-js itself, or move the include inside the section. */-->
<th:block th:replace="~{fragments/js/permissions-js :: js}"></th:block>
</body>
</html>